CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

90 matches found

WordPress Advanced Access Manager - Path Traversal

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...

9.8CVSS7.3AI score0.43187EPSS

Exploits1References2

NVD•added 3 days ago•10 views

CVE-2026-42674

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS0.00039EPSS

Exploits0References1

Cvelist•added 3 days ago•21 views

CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS0.00039EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-33689

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS5.8AI score0.00039EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS5.8AI score0.00039EPSS

Exploits0References1

CVE•added 3 days ago•8 views

CVE-2026-42674

The CVE concerns the WordPress plugin Advanced Access Manager (AAM)

7.5CVSS5.8AI score0.00039EPSS

Exploits0References1

Positive Technologies•added 3 days ago•7 views

PT-2026-45461

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS5.8AI score0.00039EPSS

Exploits0References2

CNNVD•added 3 days ago•3 views

WordPress plugin Advanced Access Manager has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.5CVSS5.8AI score0.00039EPSS

Exploits0References1

Patchstack•added 2026/05/14 4:21 p.m.•6 views

WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Advanced Access Manager versions = 7.1.0...

5.8AI score0.00039EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/09 9:29 a.m.•4 views

CVE-2023-50881

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhance...

6.5CVSS6.7AI score0.00155EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-23517

Malware in sbrugna...

4.3CVSS4.8AI score0.00328EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-26162

Malicious code in bioql PyPI...

5.9CVSS8.6AI score0.00068EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-26165

Malicious code in bioql PyPI...

7.1CVSS8.8AI score0.00126EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-56374

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00065EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2023-56375

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 10:0 a.m.•3 views

CVE-2024-29124

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20...

5.9CVSS8.6AI score0.00068EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:0 a.m.•4 views

CVE-2023-51675

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18...

5.4CVSS6.7AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:17 a.m.•2 views

CVE-2023-51674

6.5CVSS6.7AI score0.00065EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:3 p.m.•5 views

CVE-2021-24830

The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00282EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 3:45 p.m.•5 views

CVE-2020-35934

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object including all metadata upon login via the REST API aam/v1/authenticate or aam/v2/authenticate. This is a security problem if this object stores information that the user is not supposed to have e.g.,...

4.3CVSS6.7AI score0.00328EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by